1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
|
Welcome to GNUnet
What is GNUnet?
===============
GNUnet is peer-to-peer framework focusing on security. The first and
primary application for GNUnet is anonymous file-sharing. GNUnet is
currently developed by a worldwide group of independent free software
developers. GNUnet is a GNU package (http://www.gnu.org/).
This is an ALPHA release. There are known and significant bugs as
well as many missing features in this release.
Additional documentation about GNUnet can be found at
https://gnunet.org/.
Dependencies:
=============
Please note that for many of its dependencies GNUnet requires very
recent versions of the libraries which are often NOT to be found in
stable distributions in 2014. While using older packages may in some
cases on some operating systems may seem to work in some limited
fashion, we are in many cases aware of serious problems with older
packages. Hence please make sure to use the versions listed below.
These are the direct dependencies for running GNUnet:
- libextractor >= 0.6.1
- libmicrohttpd >= 0.9.33
- libgcrypt >= 1.6
- libgnurl >= 7.35.0 (available from https://gnunet.org/gnurl)
- libunistring >= 0.9.2
- gnutls >= 3.2.12
- libidn >= 1.0
- libglpk >= 4.45
- openssl >= 1.0 (binary, used to generate X.509 certificate)
- libltdl >= 2.2 (part of GNU libtool)
- sqlite >= 3.8 (default database, required)
- mysql >= 5.1 (alternative to sqlite)
- postgres >= 8.3 (alternative to sqlite)
- libopus >= 1.0.1 (optional for experimental conversation tool)
- libpulse >= 2.0 (optional for experimental conversation tool)
- libogg >= 1.3.0 (optional for experimental conversation tool)
- python-zbar >= 0.10 (optional for gnunet-qr)
- TeX Live >= 2012 (optional for gnunet-bcd)
Recommended autotools for compiling the SVN version are:
- autoconf >= 2.59
- automake >= 1.11.1
- libtool >= 2.2
How to install?
===============
The fastest way is to use a binary package if it is available for your
system. For a more detailed description, read the installation
instructions on the webpage at https://gnunet.org/installation.
Note that some functions of GNUnet require "root" access. GNUnet will
install (tiny) SUID binaries for those functions is you run "make
install" as root. If you do not, GNUnet will still work, but some
functionality will not be available (including certain forms of NAT
traversal).
GNUnet requires the GNU MP library (http://www.gnu.org/software/gmp/)
and libgcrypt (http://www.gnupg.org/). You can specify the path to
libgcrypt by passing "--with-gcrypt=PATH" to configure. You will also
need either sqlite (http://www.sqlite.org/), MySQL
(http://www.mysql.org/) or PostGres (http://www.postgres.org/).
If you install from source, you need to install GNU libextractor first
(download from http://www.gnu.org/software/libextractor/). We also
recommend installing GNU libmicrohttpd (download from
http://www.gnu.org/software/libmicrohttpd/). Then you can start the
actual GNUnet compilation and installation process with:
$ export GNUNET_PREFIX=/usr/local/lib # or other directory of your choice
# addgroup gnunetdns
# adduser gnunet gnunet
# ./configure --prefix=$GNUNET_PREFIX/.. --with-extractor=$LE_PREFIX
$ make
# make install
# sudo -u gnunet gnunet-arm -s
Note that running the 'configure' and 'make install' steps as
root (or with sudo) is required as some parts of the installation
require the creation of SUID binaries. The installation will
work if you do not run these steps as root, but some components
may not be installed in the perfect place or with the right
permissions and thus won't work.
This will create the users and groups needed for running GNUnet
securely and then compile and install GNUnet to $GNUNET_PREFIX/../bin/,
$GNUNET_PREFIX/ and $GNUNET_PREFIX/../share/ and start the system
with the default configuration. It is strongly recommended that you
add a user "gnunet" to run "gnunet-arm". You can then still run the
end-user applications as another user.
If you create a system user "gnunet", it is recommended that you edit
the configuration file slightly so that data can be stored in the
system user home directory at "/var/lib/gnunet". Depending on what
the $HOME-directory of your "gnunet" user is, you might need to set
the SERVICEHOME option in section "[PATHS]" to "/var/lib/gnunet" to
do this. Depending on your personal preferences, you may also want to
use "/etc/gnunet.conf" for the location of the configuration file in
this case (instead of ~gnunet/.config/gnunet.conf"). In this case,
you need to start GNUnet using "gnunet-arm -s -c /etc/gnunet.conf" or
set "XDG_CONFIG_HOME=/etc/".
You can avoid running 'make install' as root if you run configure
with the "--with-sudo=yes" option and have extensive sudo rights
(can run "chmod +s" and "chown" via 'sudo'). If you run 'make install'
as a normal user without sudo rights (or the configure option),
certain binaries that require additional priviledges will not be
installed properly (and autonomous NAT traversal, WLAN, DNS/GNS and
the VPN will then not work).
If you run 'configure' and 'make install' as root or use the SUDO
option, GNUnet's build system will install "libnss_gns*" libraries to
"/lib/" regardless (!) of the $GNUNET_PREFIX you might have specified,
as those libraries must be in "/lib/". If you are packaging GNUnet
for binary distribution, this may cause your packaging script to miss
those plugins, so you might need to do some additional manual work to
include those libraries in your binary package(s). Similarly, if you
want to use the GNUnet naming system and did NOT run GNUnet's 'make
install' process with SUDO rights, the libraries will be installed to
"$GNUNET_PREFIX" and you will have to move them to "/lib/"
manually.
Finally, if you are compiling the code from subversion, you have to
run ". bootstrap" before ./configure. If you receive an error during
the running of ". bootstrap" that looks like "macro `AM_PATH_GTK' not
found in library", you may need to run aclocal by hand with the -I
option, pointing to your aclocal m4 macros, i.e.
$ aclocal -I /usr/local/share/aclocal
Configuration
=============
Note that additional, per-user configuration files can be created by
each user. However, this is usually not necessary as there are few
per-user options that normal users would want to modify. The defaults
that are shipped with the installation are usually just fine.
The gnunet-setup tool is particularly useful to generate the master
configuration for the peer. gnunet-setup can be used to configure and
test (!) the network settings, choose which applications should be run
and configure databases. Other options you might want to control
include system limitations (such as disk space consumption, bandwidth,
etc.). The resulting configuration files are human-readable and can
theoretically be created or edited by hand.
gnunet-setup is a separate download and requires somewhat recent
versions of GTK+ and Glade. You can also create the configuration file
by hand, but this is not recommended. For more general information
about the GNU build process read the INSTALL file.
GNUnet uses two types of configuration files, one that specifies the
system-wide defaults (typically located in
$GNUNET_PREFIX/../share/gnunet/config.d/) and a second one that overrides
default values with user-specific preferences. The user-specific
configuration file should be located in "~/.config/gnunet.conf" or its
location can be specified by giving the "-c" option to the respective
GNUnet application.
Usage
=====
First, you must obtain an initial list of GNUnet hosts. Knowing a
single peer is sufficient since after that GNUnet propagates
information about other peers. Note that the default configuration
contains URLs from where GNUnet downloads an initial hostlist
whenever it is started. If you want to create an alternative URL for
others to use, the file can be generated on any machine running
GNUnet by periodically executing
$ cat $SERVICEHOME/data/hosts/* > the_file
and offering 'the_file' via your web server. Alternatively, you can
run the build-in web server by adding '-p' to the OPTIONS value
in the "hostlist" section of gnunet.conf and opening the respective
HTTPPORT to the public.
If the solution with the hostlist URL is not feasible for your
situation, you can also add hosts manually. Simply copy the hostkeys
to "$SERVICEHOME/data/hosts/" (where $SERVICEHOME is the directory
specified in the gnunet.conf configuration file). You can also use
"gnunet-peerinfo -g" to GET a URI for a peer and "gnunet-peerinfo -p
URI" to add a URI from another peer. Finally, GNUnet peers that use
UDP or WLAN will discover each other automatically (if they are in the
vicinity of each other) using broadcasts (IPv4/WLAN) or multicasts
(IPv6).
The local node is started using "gnunet-arm -s". GNUnet should run
24/7 if you want to maximize your anonymity, as this makes partitioning
attacks harder.
Once your peer is running, you should then be able to access GNUnet
using the shell:
$ gnunet-search KEYWORD
This will display a list of results to the console. You can abort
the command using "CTRL-C". Then use
$ gnunet-download -o FILENAME GNUNET_URI
to retrieve a file. The GNUNET_URI is printed by gnunet-search
together with a description. To publish files on GNUnet, use the
"gnunet-publish" command.
The GTK user interface is shipped separately. After downloading and
installing gnunet-gtk, you can invoke the setup tool and the
file-sharing GUI with:
$ gnunet-setup
$ gnunet-fs-gtk
For further documentation, see our webpage.
Hacking GNUnet
==============
Contributions are welcome, please submit bugs to
https://gnunet.org/bugs/. Please make sure to run contrib/report.sh
and include the output with your bug reports. More about how to
report bugs can be found in the GNUnet FAQ on the webpage. Submit
patches via E-Mail to gnunet-developers@gnu.org.
In order to run the unit tests with by hand (instead of using
"make check"), you need to
set an environment variable ("GNUNET_PREFIX") to the directory
where GNUnet's libraries are installed.
Also, before running any testcases, you must
complete the installation first. Quick summary:
$ ./configure --prefix=$SOMEWHERE
$ make
$ make install
$ make check
Some of the testcases require python >= 2.6 and pexpect to be
installed. If any testcases fail to pass on your system, run
"contrib/report.sh" and report the output together with
information about the failing testcase to the Mantis bugtracking
system at https://gnunet.org/bugs/.
Running HTTP on port 80 and HTTPS on port 443
=============================================
In order to hide GNUnet's HTTP/HTTPS traffic perfectly, you might
consider running GNUnet's HTTP/HTTPS transport on port 80/443.
However, we do not recommend running GNUnet as root. Instead, forward
port 80 to say 1080 with this command (as root, in your startup
scripts):
# iptables -t nat -A PREROUTING -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 1080
or for HTTPS
# iptables -t nat -A PREROUTING -p tcp -m tcp --dport 443 -j REDIRECT --to-ports 4433
Then set in the HTTP section of gnunet.conf the "ADVERTISED_PORT" to
"80" and "PORT" to 1080 and similarly in the HTTPS section the
"ADVERTISED_PORT" to "443" and "PORT" to 4433.
You can do the same trick for the TCP and UDP transports if you want
to map them to a priviledged port (from the point of view of the
network). However, we are not aware of this providing any advantages
at this point.
If you are already running an HTTP or HTTPS server on port 80 (or 443),
you may be able to configure it as a "ReverseProxy". Here, you tell
GNUnet that the externally visible URI is some sub-page on your website,
and GNUnet can then tunnel its traffic via your existing HTTP server.
This is particularly powerful if your existing server uses HTTPS, as
it makes it harder for an adversary to distinguish normal traffic to
your server from GNUnet traffic. Finally, even if you just use HTTP,
you might benefit (!) from ISP's traffic shaping as opposed to being
throttled by ISPs that dislike P2P. Details for configuring the
reverse proxy are documented on our website.
Stay tuned
==========
* https://gnunet.org/
* https://gnunet.org/bugs/
* https://gnunet.org/svn/
* http://www.gnu.org/software/gnunet/
* http://mail.gnu.org/mailman/listinfo/gnunet-developers
* http://mail.gnu.org/mailman/listinfo/help-gnunet
* http://mail.gnu.org/mailman/listinfo/info-gnunet
* http://mail.gnu.org/mailman/listinfo/gnunet-svn
|